Microsoft Windows 10
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*
An out-of-bounds read vulnerability has been identified in the Windows DHCP Server. It allows an authorized attacker to disclose information locally by reading a limited amount of data from the system's memory. The vulnerability is present in several versions of Windows 10, Windows 11, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025, and Windows 11 Version 24H2 for ARM64-based Systems.
Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing attackers to read restricted data from the affected system's memory. While the vulnerability could cause the DHCP service to crash or stop functioning temporarily, the primary risk lies in the potential exposure of sensitive information.
Users can apply the security update KB5094127 for Windows 10 Version 22H2, KB5094128 for Windows Server 2022, KB5094123 for Windows Server 2019, KB5094041 for Windows Server 2012 R2, KB5094042 for Windows Server 2012, KB5095051 for Windows 11 Version 26H1, and KB5093998 for Windows 11 Version 23H2. Instructions for downloading these security updates are available on the Microsoft Update Catalog.